Why can't I connect externally to VPN on one network, but I can with two others?

Posted on 2007-04-09
Last Modified: 2010-05-18
*WORKS* I have set up a VPN server on a Windows 2003 server (std) by following the RRAS wizard, allowing access for a user, and then forwarding port (on the router) 1723 TCP to the server's internal IP. It works just fine. This has one network port and the router is a Linksys. It has both port-forwarding of 1723 to the server and PPTP passthrough enabled.

*WORKS* I did this same thing on another WIndows 2003 server SBS netowork and it works also. This one has one network port and a Microsoft MN-700 router. It has port forwarding enabled for 1723 TCP to the server. (PPTP pass-through is not mentioned in the config screens)

*DOES NOT WORK!* I tried the same thing on a another Windows SBS 2003 server (a third network) and I can not connect. It gets to "Verifying username and password" then says "error 721. the remote computer did not respond". This server also has one network port and has a D-Link DI-614+ router. I tried both TCP 1723 and UDP 500 forwarding to the server.

Thanks for your help.
Question by:jmolhava
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 58

Accepted Solution

tigermatt earned 250 total points
ID: 18881061
The 721 error can be caused if you haven't forwarded the GRE protocol (also known as protocol 47) in your router through to the server's IP address. This, as far as I'm aware, handles the authentication for the PPTP VPN, so needs to be forwarded. However, don't get protocol 47 confused with TCP port 47, forwarding that won't do anything. On some routers, it would be enabled by enabling PPTP passthrough, so it could be the D-link router just isn't capable of it.

However, another possibility could be that it is blocked at the ISP, but if your machine manages to find the server and only fails on the verifying username and password stage, it is likely to be the GRE protocol 47 issue.
LVL 58

Expert Comment

ID: 18881073
However (with reference to my previous post) it does say here that it is capable of concurrent PPTP VPN connections. Perhaps there's a check box somewhere to tick to allow PPTP passthrough? If not, just try and see if GRE protocol 47 can be forwarded in the NAT port forwarding settings.

Author Comment

ID: 18883423
I looked into the info you mentioned and also the D-Link page. It's also good to know what the GRE 47 actually does... never really knew other than it was needed.
From the D-Link page: They seem to have a specific way to enable the GRE protocol (just not as obvious as on the other two routers). I will try it later today and post back with the results.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 18885071
OK that did it. It works now. Thanks for the tip off with GRE and the router settings. I guess every router kinda has their own way to do it.


Author Comment

ID: 18885092
One more thought in case anyone else has this same router:
D-Link DI-614+
See the knowledge base on their website and look at the PPTP VPN connection instructions. The GRE entry will show up only if you add the PPTP 1723 entry in 'Virtual Server'. I also had to reset the router in order for it to take effect (apply was not enough).
LVL 58

Expert Comment

ID: 18885511
That's often the case - the less advanced routers are probably preconfigured to do it for you. At least it works now!

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question